From 70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sun, 11 Sep 2016 17:54:12 -0400
Subject: Generate our x509 certificates using sha256, not sha1.

All supported Tors (0.2.4+) require versions of openssl that can handle this. Now that our link certificates are RSA2048, this might actually help vs fingerprinting a little.
---
 src/common/tortls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/common/tortls.c')

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 0315398946..eb24411a78 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -523,7 +523,8 @@ MOCK_IMPL(STATIC X509 *,
 goto error;
 if (!X509_set_pubkey(x509, pkey))
 goto error;
- if (!X509_sign(x509, sign_pkey, EVP_sha1()))
+
+ if (!X509_sign(x509, sign_pkey, EVP_sha256()))
 goto error;
 goto done;
-- 
cgit v1.2.3-54-g00ecf
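Review bot: The digest passed to `X509_sign` is chosen at the call site with no comment, so the reason for SHA-256 lives only in the commit message. A short comment above the call would keep it with the code, for example `/* Sign with SHA-256: every OpenSSL we support handles it, and it may make our link certs less distinctive than SHA-1-signed ones. */`. The blank `+` line added before the `if` splits this check from the run of `if (...) goto error;` pairs above it and looks unintentional; dropping it keeps the change to the one line that matters. The enclosing MOCK_IMPL function starts and ends outside the hunk, so whether any test or caller still expects a SHA-1 signature algorithm on the generated certificate cannot be judged from here and is worth confirming.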